Catch UvBlocked and have way to fall back to PIN internally #56
Conversation
AlfioEmanueleFresta
left a comment
AlfioEmanueleFresta
left a comment
There was a problem hiding this comment.
Thank you for these changes @msirringhaus!
I agree with the overall approach.
Have you tested this with any devices that support both built-in UV and PIN? If so, which one?
Minor comments, mostly to sprinkle a few log statements.
I'm unsure if and how built-in UV is handled for hybrid transport passkeys on phones. Once the hybrid transport changes are complete, I think it will be worth testing. In the unlikely case the PIN-retry causes an additional prompt to the user, it may be worth considering changing this behaviour - or making this configurable.
msirringhaus
force-pushed
the
fix_uv_auth
branch
from
013b8c0 to
a0768a4
Compare
|
Thanks for the review! I have tested it with a Yubikey Bio. With respect to hybrid mode: I'm also not yet sure how this will be affected. |
AlfioEmanueleFresta
merged commit 4eec738
into
linux-credentials:master
|
Thank you for your changes and for addressing the feedback! |
2 participants
Currently, there is no way to recover from a
UvBlocked-error.I added an internal fallback to PIN, if we encounter an
UvBlocked-error.Alternatively, we could also mark that error as retryable, return it to the application as normal and give the API some way to communicate back to skip Uv and use PIN instead, if the app decides to retry. But this seemed to me a rather clunky API, as I can't think of a scenario, where one wouldn't want to fall back to PIN.